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Description 

FIELD OF THE INVENTION 

The present invention relates generally to secure 
communication systems and more particularly to sys- 
tems wherein encrypted information is transmitted from 
a single location to multiple terminals located at non- 
secure locations. 

BACKGROUND OF THE INVENTION 

A major problem in secure communication systems 
is the possibility of unauthorized penetration. Unauthor- 
ized penetration of this kind is referred to as hacking. 

Several methods have been employed to overcome 
the problem of hacking. Encryption of transmitted data 
and authentication of communicators are some of the 
methods employed to make hacking more difficult. 

One hacking method which is considered difficult to 
overcome is called "The McCormac Hack". This meth- 
od, which is believed to be theoretically applicable to 
CATV systems, is described in the book "World Satellite 
TV and Scrambling Methods", 2nd Edition, Bay I in Pub- 
lications 1991, pp. 242 - 244 by Frank Baylin, Richard 
Maddox and John McCormac and in "Satellite Watch 
News", August 1991. According to this method, a data 
stream from a legitimately authorized decoder, is ex- 
tracted in real time and transmitted over the air using a 
small radio-frequency (RF) transmitter. The data stream 
is then used to activate a number of pirate decoders. 

WO-A-91 11884 describes a decoder for descram- 
bling encoded satellite transmission. The decoder re- 
ceives twice-encrypted keys and performs a first key de- 
cryption in a first removable module in accordance with 
a secret serial number stored in the first removable mod- 
ule. The partially decrypted key of the first removable 
module is supplied to a second decryptor where the key 
is fully decrypted using a further secret serial number 
stored in the second decryptor. The arrangement ac- 
cording to WO-A-91 1 1 884 ensures that the replaceable 
module operates only on a particular decoder to which 
the replaceable module has been assigned. 

EP-A-343 805 teaches the reproduction of secure 
keys by using distributed key generation data. 

SUMMARY OF THE INVENTION 

The present invention seeks to provide a system 
and a method which substantially prevent the possibility 
of extracting a data stream from a legitimately author- 
ized terminal and transmitting the data stream to a plu- 
rality of pirate terminals. 

For the purposes of the present invention, the term 
"terminals" in all of its forms is used in a broader than 
usual sense to cover all types of computer terminals, 
CATV decoders, remote computers and remote compu- 
terized stations. 



For the purposes of the present invention, the terms 
"seed" and "key" in all of their forms are alternately used 
in a broader than usual sense to cover alt types of num- 
bers or other symbols, either secret or non-secret, which 

s are used at least as part of encryption/decryption keys 
to encrypt/decrypt (or scramble/descramble) data. The 
term "secret number - will be further used, for the pur- 
pose of the present invention, to denote the secret key 
which is used for encryption/decryption (or scrambling/ 

10 descrambling) of data. 

There is thus provided in accordance with a pre- 
ferred embodiment of the present invention a hacking 
prevention system or method for use with a network in- 
cluding a transmitter and a multiplicity of receivers as 

15 set out in the independent claims 1 and 14. 

Preferred embodiments of the invention are set out 
in dependent claims 2-13 and 1 5. 

BRIEF DESCRIPTION OF THE DRAWINGS 

20 

The present invention will be understood and ap- 
preciated more fully from the following detailed descrip- 
tion, taken in conjunction with the drawings in which: 

25 Fig. 1 is a generalized block diagram illustration of 
a theoretical hacking system based on the prior art 
"McCormac Hack" method; 
Fig. 2 is a generalized block diagram illustration of 
part of a subscriber unit constructed and operative 

30 in accordance with a preferred embodiment of the 
present invention; 

Fig. 3 is a flowchart description of the functionality 

of the apparatus of Fig. 2; 

Fig. 4 is a flowchart description of the functionality 

35 of the apparatus of Fig. 2 in accordance with an al- 
ternative embodiment of the invention which does 
not employ conditional access cards; 
Fig. 5 is a generalized block diagram illustration of 
part of a subscriber unit in accordance with a pre- 

40 i erred embodiment of the invention in which receiv- 
ers characterized by different parameters are ena- 
bled with the same secret number; and 
Fig. 6 is a flowchart description of the functionality 
of the apparatus of Fig. 5. 

45 

DETAILED DESCRIPTION OF PREFERRED 
EMBODIMENTS 

Reference is now made to Fig. 1 , which is a gener- 
50 alized block diagram illustration of a theoretical hacking 
system constructed and operative in accordance with 
the prior art "McCormac Hack" method. 

An authorized decoder 10, which is normally oper- 
ated by a valid smart card 12, is coupled instead to a 
55 McCormac's Hack Interface (MHI) unit 1 4 via a standard 
smart card communication link 1 5. Smart card 1 2 is also 
coupled to the MHI unit 14 via a standard smart card 
communication link 16. 
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MM unit 14 "sniffs* the communication data passed 
between the smart card 12 and the authorized decoder 
10 and provides it to a small radio transmitter 18. Radio 
transmitter 18 transmits the data via a radio-frequency 
(RF) link 1 9 to a radio receiver 20 which is coupled to a 5 
virtual smart card unit 22. Virtual smart card unit 22 is 
coupled to an unauthorized decoder 24 via a standard 
smart card communication link 25. In this way the unau- 
thorized decoder 24 is operated by the same data 
stream that operates the authorized decoder 10. 

In an alternative embodiment, MHI unit 14 'sniffs' 
the data which is communicated between units inside 
the authorized decoder 10. In this embodiment, MHI unit 
14 is linked, via communication link 27, to a communi- 
cation BUS 26 extending between a micro-processor 28 
and a descrambling device 29. Communication BUS 26 
carries the "seed" value which is the secret number re- 
quired for descrambling. In this way the seed value may 
be extracted and transmitted to the unauthorized decod- 
er for descrambling of the data. 

Reference is now made to Fig. 2, which is a gener- 
alized block diagram illustration of part of a subscriber 
unit constructed and operative in accordance with a pre- 
ferred embodiment of the present invention. 

In accordance with a preferred embodiment of the 
present invention, a data stream including a series of 
'authorization packets PKT1 ,...,PKTn is transmitted from 
an information source via a satellite link, to a packet re- 
ceiver and desc rambler unit 30 which forms part of a 
subscriber's CATV receiver and decoder (not shown). A 
series of offset values DELTA1 DELTAn is also trans- 
mitted via the satellite link and received by the packet 
receiver and descrambler unit 30. Preferably, each 
packet is paired with an offset value. 

In the packet receiver and descrambler unit 30 a 
Packet Receiver Unit (PRU) 32 receives the series of 
packets and the offset values. A random number gen- 
erator 34 provides a number in the range 1 ,...,n to PRU 
32 by employing a random number algorithm. According 
to the selected number, for example 3, the correspond- 
ing packet, i.e. PKT3, is transmitted to a smart card 36 
and a corresponding offset value, i.e. DELTA3, which 
serves as an internal key, is transmitted to a descram- 
bler unit 38. 

Smart card 36 employs an algorithm which produc- 
es an appropriate seed for each packet. When smart 
card 36 receives PKT3 it produces a corresponding key, 
here termed SEED3, and provides it to the descrambler 
unit 38. 

It is to be appreciated that PRU 32, random number 
generator 34 and the descrambler unit 38 are all em- 
bodied in a secure chip such as a VLSI chip. Thus, the 
communication of the random number and the offset 
value cannot be altered or "sniffed'. 

In the descrambler unit 38 the keys DELTA3 and 
SEED3 received from PRU 32 and smart card 36 re- 
spectively are employed by a function f such that: 
(1 ) f=f (seed value, offset value), and 



(2) SEED0=f(SEEDi,DELTAi) for any i=1,..., 

n, 

where SEED0 is the secret number required for de- 
scrambling of the data and V is any integer value in the 
series 1,...,n. If the value i=3 is selected then: 

(3) SEED0 = f(SEED3,DELTA3). 

In accordance with a preferred embodiment of the 
present invention, the descrambler 38 functions as a se- 
cret number generator in generating the SEED0 value 
and also functions as a key receiver, which receives an 
internal key and a key from the smart card. The SEE DO 
value is employed by the descrambler 38 for descram- 
bling of the data, inasmuch as the descrambler 38 is in 
a VLSI format it is considered difficutt, if not practically 
impossible, to tap the SEED0 value. 

It is to be appreciated that the hacking prevention 
system of Fig. 2 may be also operable with systems 
which do not employ smart cards. In that case the seed 
values corresponding to the packets PKT1,...,PKTn 
may be calculated and produced in any suitable part of 
the packet receiver and descrambler 30, such as, for 
example, any one of PRU 32, random number generator 
34 and descrambler 38, by employing an algorithm 
which is similar to the one employed in the smart card. 
Upon receipt of the selected random number from ran- 
dom number generator 34, the corresponding calculat- 
ed seed value and the appropriate offset value are pro- 
vided to descrambler unit 38. 

Reference is now made to Fig. 3 which is a flowchart 
description of the functionality of the apparatus of Fig. 2. 

A series of data packets PKT1 , . . . , PKTn and a series 
of offset values DELTA1,..., DELTAn are received via a 
satellite link. A random number generation algorithm is 
employed to calculate and select one of the index num- 
bers 1 n. The output of the random number genera- 
tion algorithm is, for example the index 3. The packet 
whose index number was calculated, i.e. PKT3, is trans- 
mitted to the smart card. In the smart card an algorithm 
which calculates seeds is employed to calculate the cor- 
responding SEED3 number. SEED3 is then transmitted 
to descrambler unit 38. 

The offset value which corresponds to the calculat- 
ed index number, i.e. DELTA3, is transmitted to the de- 
scrambling unit 38 where it is combined or otherwise uti- 
lized, by use of a secret number generator, with SEED3, 
to calculate a SEED0 value which is the secret number 
employed to descramble the satellite transmissions. 

Reference is now made to Fig. 4 which is a flowchart 
description of the functionality of the apparatus of Fig. 
2 according to an alternative embodiment of the inven- 
tion. The flowchart of Fig. 4 is similar to the one de- 
scribed in Fig. 3 except that the calculation of the seeds 
is not performed in a smart card but rather in PRU 32 of 
Fig. 2. It is to be appreciated that the calculation of the 
seeds is not limited to PRU 32 but may rather be per- 
formed in any part of the secure VLSI chip which forms 
the packet receiver and descrambler unit 30 shown in 
Fig. 2. 
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Reference is now made to Fig. 5 which is a gener- 
alized block diagram illustration of part of a subscriber 
unit in accordance with a preferred embodiment of the 
invention in which receivers of information supplied by 
different suppliers or receivers which are otherwise dis- 
tinguished from each other, as by demographics, geo- 
graphic location or any other parameter, are enabled 
with the same secret number. 

The system of Fig. 5 is similar to the system of Fig. 
2 except that additional data is received from an infor- 
mation source via the satellite link and processed in a 
packet receiver and descrambler unit 130. 

PRU 132 receives, via a satellite link, the following 
data: a series of packets PKT1 ,...,PKTn; a series of first 
offset values DELTA1 DELTAn to be employed in part 
of the abovementioned anti-hacking method; and a se- 
ries of second offset values GAMMA1,..., GAMMAk. 

The series of second offset values GAMMA1,..., 
GAMMAk is employed to distinguish between separate 
groups of subscribers/receivers which may be distin- 
guished from each other on the basis of one or more 
criteria, such as their program suppliers, their geograph- 
ic location or their demographics. Thus, each group of 
receivers is characterized by one of the second offset 
values. 

Characterization of the group of receivers can be 
achieved either by an internal code or an internal algo- 
rithm which is entered during manufacture of each de- 
coder, preferably in packet receiver and descrambler 
130, or by an algorithm in the smart card which upon its 
first communication with the decoder causes the decod- 
er to be valid for a selected parameter or group of pa- 
rameters, as exemplified above. Thus, upon such char- 
acterization, each decoder is enabled to select only one 
of the second offset values GAMMA1,... .GAMMAk. 

Alternatively or additionally the characterization of 
the decoder may be achieved using only the first offset 
values. In such a case, different decoders may be set 
to receive only certain ones of the offset values and not 
others. In this way, the use of the second offset values 
may be obviated. 

If, for example, the decoder is characterized to se- 
lect GAMMA2, which defines a unique program supplier, 
PRU 132 will transmit GAMMA2 to descrambler unit 
138. Upon selection of a random number, for example 
3, by random number generator 134, PRU 132 transmits 
the respective data packet PKT3 to smart card 136. 
PRU 132 also transmits an offset value from the series 
of offset values DELTA1 DELTAn according to the se- 
lected random number, i.e. DELTA3, to descrambler unit 
138. 

When issued, the set of smart cards for the sub- 
scribers for each group are different from the set of 
smart cards issued for the subscribers of another group. 
Differentiation is achieved by employing different algo- 
rithms in each set of smart cards. Therefore, for exam- 
ple, even if in two decoders, which are operated by two 
different information suppliers, the same random 



number is selected, i.e. 3, and the same data packet is 
transmitted to both smart cards, i.e. PKT3, each smart 
card calculates a different seed value, i.e. SEED3 and 
SEED3*. 

5 Since each of the abovementioned two decoders is 
operated by a separate program supplier, different sec- 
ond offset values area transmitted to descrambler unit 
138, for example GAMMA2 and GAMMA3 respectively. 
In the descrambler units 138 of the two decoders 

10 the same secret number generator is operated such 
that: 

(4) f=f(seed value, first offset value, second 
offset value); 

(5) SEEDO = f (SEED3, DELTA3, GAMMA2); 
'5 and also 

(6) SEEDO = f(SEED3*. DELTA3, 
GAM M A3). 

It is to be appreciated that in accordance with the 
abovementioned method the same SEEDO may be em- 
20 ployed for descrambling of information originated from 
one source and targeted to separate groups of subscrib- 
ers while preventing subscribers of one group from re- 
ceiving intelligible information destined for another 
group. 

25 Reference is now made to Fig. 6 which is a flowchart 
description of the functionality of the apparatus of Fig. 5. 

A series of data packets PKT1,...,PKTn, a series of 
first offset values DELTA1,..., DELTAn and a series of 
second offset values GAMMA1... ..GAMMAk are re- 

30 ceived via a satellite link. A random number generation 
algorithm is employed to calculate and select one of the 
index numbers 1 ,...,n. The output of the random number 
generation algorithm is, for example the index 3. The 
packet whose index number was calculated, i.e. PKT3, 

55 is transmitted to the smart card. 

In the smart card an algorithm which calculates 
seeds is employed to calculate the corresponding 
SEED3* number. SEED3* is then transmitted to de- 
scrambler unit 138. 

40 The first offset value which corresponds to the cal- 
culated index number, i.e. DELTAS, is transmitted to the 
descrambling unit 138. A second offset value which 
identifies a supplier or jurisdiction, for example 
GAMMA2, is also transmitted to descrambler unit 1 38. 

45 |n the descrambler unit 1 38 SEED3*. DELTA3 and 
GAMMA2 are combined, by use of a secret number gen- 
eration algorithm, to calculate a SEEDO value which is 
the secret number employed to descramble the satellite 
transmissions. 

50 Where technical features mentioned in any claim 
are followed by reference signs, those reference signs 
have been included for the sole purpose of increasing 
the intelligibility of the claims and accordingly, such ref- 
erence signs do not have any limiting effect on the scope 

55 of each element identified by way of example by such 
reference signs. 
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Claims 

1 . A hacking prevention system for use with a network 
including a transmitter and a multiplicity of receiv- 
ers, each receiver being independently enabled by 
a secret number (SEEDO) and when enabled being 
responsive to data (PKTyPKTn, DELTArDELTAn, 
GAMMA 1 -GAMMA k ) received from the transmitter 
for decrypting encrypted information, each of the 
multiplicity of receivers comprising: 

a first key generator (36; 136), employing at 
least part of the data (PKiyPKTn, DELU- 
DE LTAp, GAMMAj-GAMMAjJ and a function 
(34; 134) which differs for at least a plurality of 
ones of the multiplicity of receivers, for gener- 
ating a first key (SEED 1 -SEED n ) which is differ- 
ent for each receiver having a different function; 
and 

a second key generator (32; 132) employing at 
least part of the data (PKT r PKT n , DELTA 1 - 
DELTA,,, GAMMA^GAMMAk) and the function 
(34; 134) to produce a second key (DELTA., - 
DELTAS 

characterized in that the multiplicity of receiv- 
ers further comprises: 

a secret number generator (38; 138) utilizing 
the first key (SEED r SEED n ) with the second 
key (DELTA r DELTAn) to produce the secret 
number (SEEDO) which is the same for all of 
the multiplicity of receivers, 
whereby first and second keys (SEED r 
SEED n , DELTA r DELTA n ) intercepted at a first 
receiver cannot be effective to enable a second 
receiver having a different function. 

2. A hacking prevention system according to claim 1 
wherein the functbn (34; 134) which differs for at 
least a plurality of ones of the multiplicity of receiv- 
ers, is a random number generator (34; 1 34). 

3. A hacking prevention system according to claims 1 
or 2 wherein the second key generator (32; 1 32) is 
embodied in a single VLSI chip. 

4. A hacking prevention system according to one or 
more of claims 1-3 wherein the first key generator 
(36; 136), a provider for the function (34; 134) and 
the secret number generator (38; 1 38) are embod- 
ied in a single VLSI chip. 

5. A hacking prevention system according to one or 
more of claims 1-3 wherein the first key generator 
(36; 136), a provider for the function (34; 134), the 
secret number generator (38; 138) and the second 
key generator (32; 1 32) are embodied in a single 



VLSI chip. 

6. A hacking prevention system according to one or 
more of claims 1-5 wherein each of the multiplicity 

s of receivers comprises at least one of the VLSI 
chips. 

7. A hacking prevention system according to one or 
more of claims 1-6 wherein the network is a CATV 

10 network and the multiplicity of receivers are CATV 
receivers and decoders. 

8. A hacking prevention system according to one or 
more of claims 1 -7 and also operative to selectively 

*5 transmit information to the multiplicity of receivers 
from an information source, each of the multiplicity 
of receivers being associated with one of a multi- 
plicity of subscribers which subscribers may be in- 
dividually characterized by at least one of the fol- 

20 lowing parameters: information suppliers, geo- 
graphic locations, and demographics, and grouped 
into different groups according to at least one of the 
parameters, each of the multiplicity of receivers also 
comprising: 

25 

a third key generator (132) employing at least 
part. of the data (PKT r PKT n , DELTA-, -DE LTA^ 
GAMMA r GAMMA k ) to provide a third key 
(GAMMA^GAMMA^ which is characterized by 

30 at least one of the parameters, wherein 

the secret number generator (38; 1 38) is oper- 
ative to utilize the third key (GAMMA 1 -GAM- 
MAJ with the first key (SEED 1 -SEED n ) and the 
second key (DELTA 1 -DELTA n ) to produce the 

35 secret number (SEEDO) which is the same for 

all of the multiplicity of receivers, and 
the third key (GAMMA 1 -GAMMA k ), when inter- 
cepted at a receiver which forms part of a first 
group of receivers being grouped according to 

to at least one of the parameters, cannot be effec- 

tive to enable a receiver which forms part of a 
second group of receivers being grouped ac- 
cording to at least one of the parameters. 

45 9. a hacking prevention system acccording to one or 
more of claims 1-8 wherein the first key generator 
(36; 136) comprises: 

a packet receiver unit for receiving a data 
^o stream including at least a series of authoriza- 

tion packets (PKT 1 -PKT n ), 
a packet provider for providing a selected pack- 
et, the selected packet being a packet whose 
serial number in the series of authorization 
55 packets (PKT r PKT n ) is equal to a random 

number integer in the range between one and 
the total number of packets in the series of au- 
thorization packets (PKT r PKT n ), the random 
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number integer being produced by the random 
number generator (34; 134), and 
a first key receiver for receiving the first key 
(SEED r SEED n ) which uniquely corresponds 
to the selected packet. $ 

10. A hacking prevention system according to ciaim 9 
wherein the packet provider is operative to provide 
the selected packet to a removable smart card (36; 
136), and the first key receiver is operative to re- 
ceive the first key (SEED^SEEDJ from the remov- 
able smart card (36; 1 36). 



the first key generator (36; 136) and the secret . 
number generator (38; 138) is embodied in at least 
one of a descrambler and a decrypter. 

14. A hacking prevention method for use with a network 
including a transmitter and a multiplicity of receiv- 
ers, each receiver being independently enabled by 
a secret number (SEEDO) and when enabled being 
responsive to data (PKT r PKT n , DELTA., -DELTA,,, 
GAMMA! -GAMMAjJ received from the transmitter 
for decrypting encrypted information, the method 
comprising the steps of: 



10 



11. A hacking prevention system according to one or 
more of claims 1-8 wherein the second key gener- 
ator (32; 1 32) comprises: 

an offset value receiver unit for receiving a data 
stream including at least a series of offset val- 
ues (DELTA r DELTA n , GAMMA! -GAMMA k ) 
wherein each offset value in the series of offset 
values (DELTArDELTAn, GAMMA., -GAMMAk) 
is paired with a corresponding authorization 
packet in a series of authorization packets 
(PKT r PKT n ) ; and 

an offset value provider for providing the sec- 
ond key (DELTA 1 -DELTA n ), the second key 
(DELTA 1 -DELTA n ) including at least an offset 
value which serial number in the series of offset 
values (DELTAtDELTA^ GAMMA! -GAMMAk) 
is equal to a random number integer in the 
range between one and the total number of off- 
set values in the series of offset values 
(DELTA 1 -DELTA n , GAMMA-, -GAMMAk), ^& 
random number integer being produced by the 
random number generator (34; 134). 

12. A hacking prevention system according to claims 9 
or 1 0 wherein the second key generator (32; 1 32) 
comprises: 



generating a first key (SEED r SEED n ), by em- 
is ploying at least part of the data (PKT r PKT n , 

DELTArDELTAn, GAMMA! -GAMMAk) and a 
f unctbn (34; 1 34) which differs for at least a plu- 
rality of ones of the multiplicity of receivers, the 
first key (SEED r SEED n ) being different for 
20 each receiver having a different function; and 

generating a second key (DELTArDELTAn) by 
employing at least part of the data (Prd - ! -PKT n , 
DELTArDELTAn, GAMMA r GAMMAk) and the 
function (34; 134), 

25 

characterized in that the method further com- 
prises the steps of: 

generating the secret number (SEEDO) by uti- 
so lizingthe first key (SEED r SEED n ) with the sec- 

ond key (DELTArDELTAn) to produce the se- 
cret number (SEEDO) which is the same for all 
of the multiplicity of receivers, 
whereby first and second keys (SEED r SEED n 
35 DELTArDELTAn) intercepted at a first receiver 

cannot be effective to enable a second receiver 
having a different function. 

15. A method according to claim 14 and also compris- 
40 ing: 



20 



25 



30 



an offset value receiver unit for receiving at 
least a set of offset values (DELTA, -DELTA,,, 
GAMMArGAMMAJ, wherein each offset val- 
ue in the series of offset values (DELTArDEL- 
TAn, GAMMA! -GAMMAk) ' s paired with a cor- 
responding authorization packet in the series 
of authorization packets (PKT r PKT ft ) ; and 
an offset value provider for providing the sec- 
ond key (DELTArDELTAn), the second key 
(DELTA! -DE LTA„) including at least an offset 
value which serial number in the series of offset 
values (DELTArDELTAn, GAM MA! -GAMMAk) 
is equal to the serial number of the selected 
packet. 

13. A hacking prevention system according to one or 
more of claims 9, 1 0 and 1 2 wherein at least one of 



associating each of the multiplicity of receivers 
with one of a multiplicity of subscribers; 
individually characterizing the multiplicity of 
subscribers by at least one of the folbwing pa- 
rameters: information suppliers, geographic lo- 
cations, and demographics; 
grouping the multiplicity of subscribers into dif- 
ferent groups according to at least one of the 
parameters, the different groups being each se- 
lectively entitled to receive at least a portion of 
the information from an information source; 
producing, at at least one of the multiplicity of 
receivers, a third key (GAMMA r GAMMAk) by 
employing at least part of the data (PKT r PKT n , 
DELTArDELTAn, GAMMA r GAMMAk) to pro- 
vide the third key (GAMMA, -GAMMAk) which 
is characterized by at least one of the parame- 



6 



11 



EP 0 658 054 B1 



12 



ters, wherein 

the step of generating the secret number 
(SEE DO) comprises the step of generating the 
secret number (SEE DO) which is the same for 
allot the multiplicity of receivers by utilizing the 
third key (GAMMA, -GAM MA^ with the first key 
and the second key (SEED 1 -SEED n , DELTA r 
DELTAn), whereby 

the third key (GAMMA, -GAMMA^, when inter- 
cepted at a receiver which forms part of a first 
group of receivers being grouped according to 
at least one of the parameters, cannot be effec- 
tive to enable a receiver which forms part of a 
second group of receivers being grouped ac- 
cording to at least one of the parameters. 

Patentanspruche 

1. Ein Hackings-Verhinderungssystem zur Verwen- 
dung mit einem Netzwerk, das einen Sender und 
eine Vieizah! von Empfangern einschtie&t, wobei je- 
der Empfanger durch eine Geheimzahl (SEEDO) 
unabhangig freigeschaltet wird, und sobald er frei- 
geschaltet ist, auf Daten (PKT1-PKTn ( 
DELTAI-DELTAn, GAMMA1 -GAMM Ak) reagiert, 
die aus dem Sender empfangen werden, urn eine 
verschlusselte Information zu entsch I Ossein, wobei 
jeder aus der Vieizah I von Empfangern folgendes 
umfaBt: 

einen ersten Schlussel-Generator (36; 136), 
der mindestens einen Teil der Daten 
(PKT1 -PKTn, DELTA 1 -DELTAn, 

GAMMA1 -GAMMAk) und eine Funktion (34; 
134) verwendet, die sich mindestens fur eine 
Mehrzahl einiger aus der Vielzahl von Empfan- 
gern unterscheidet, urn einen ersten Schlussel 
(SEED1-SEEDn) zu erzeugen, der fur jeden 
Empfanger, der uber eine unterschiedliche 
Funktion verfugt, unterschiedlich ist; und 
einen zweiten Schlussel-Generator (32; 132), 
der mindestens einen Teil der Daten 
(PKT1 -PKTn, DELTA 1 -DELTAn, 

GAMMA1 -GAMMAk) und die Funktion (34; 
134) verwendet, urn einen zweiten Schlussel 
zu erzeugen (DELTAI-DELTAn); 

dadurch gekennzeichnet, daB die Vielzahl 
von Empfangern weiterhin folgendes umfaBt: 

einen Geheimzahl-Generator (38; 138), der 
den ersten Schlussel (SEED1-SEEDn) mit dem 
zweiten Schlussel (DELTAI-DELTAn) verwen- 
det, urn die Geheimzahl zu erzeugen, die fur 
alle der Vielzahl von Empfangern dieseibe ist, 
wodurch der erste und der zweite Schlussel 
(SEED1-SEEDn, DELTAI-DELTAn), die an ei- 



nem ersten Empfanger abgefangen werden, 
nicht wirksam sein konnen, um einen zweiten 
Empfanger, der eine unterschiedliche Funktion 
aufweist, freizuschaiten. 

5 

2. Ein Hackings-Verhinderungssystem nach An- 
spruch 1, worin die Funktion (34; 134), die sich fOr 
mindestens eine Mehrzahl einiger aus der Vielzahl 
von Empfangern unterscheidet, ein Zufallszahl-Ge- 

10 nerator (34; 134) ist. 

3. Ein Hackings-Verhinderungssystem nach den An- 
spruchen 1 oder 2, worin der zweite Schlussel-Ge- 
nerator (32; 132) auf einem einzigem VLSI-Chip 

75 ausgebildet ist 

4. Ein Hackings-Verhinderungssystem nach einem 
oder mehreren der Anspruche 1-3, worin der erste 
Schlussel-Generator (36; 136), ein Bereitsteller fur 

20 die Funktion (34; 134) und der Geheimzahl-Gene- 
rator (38; 138) auf einem einzigen VLSI-Chip aus- 
gebildet sind. 

5. Ein Hackings-Verhinderungssystem nach einem 
25 oder mehreren der Anspruche 1 -3, worin der erste 

Schlussel-Generator (36; 136), ein Bereitsteller fur 
die Funktion (34; 134), der Geheimzahl-Generator 
(38; 138) und der zweite Schlussel-Generator (32; 
132) auf einem einzigen VLSI -Chip ausgebildet 
30 sind. 

6. Ein Hackings-Verhinderungssystem nach einem 
oder mehreren der Anspruche 1 -5, worin jeder der 
Vielzahl von Empfangern mindestens einen der VL- 

3S Si-Chips umfaBt. 

7. Ein Hackings-Verhinderungssystem nach einem 
oder mehreren der Anspruche 1 -6, worin das Netz- 
werk ein Kabelfernseh-Netzwerk ist und die Viel- 

40 zahl an Empfangern Kabelfernseh-Empfanger und 
-Dekodierer sind. 

8. Ein Hackings-Verhinderungssystem nach einem 
oder mehreren der Anspruche 1-7, das ebenfalts 

45 betriebsfahig ist, um aus einer Informationsquelte 
der Vielzahl von Empfangern selektiv eine Informa- 
tion zuzusenden, wobei jeder der Vielzahl von Emp- 
fangern mit einem Teilnehmer aus einer Vielzahl 
von Teitnehmern assoziiert ist, wobei diese Teilneh- 

50 mer einzeln durch mindestens einen der folgenden 
Parameter gekennzeichnet sein konnen: Informati- 
onstieferanten, geographische Lagen und Bevolke- 
rungszahlstatistiken; und die gemaB mindestens ei- 
nem dieser Parameter in unterschiedliche Gruppen 

55 unterteilt werden, wobei jeder der Vielzahl von 
Empfangern ebenso folgendes umfaBt: 

einen dritten Schlussel-Generator (132), der 
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mindestens einen Teil der Daten (PKT1 -PKTn, 
DELTAI-DELTAn, GAMMA 1 -G AMMAk) ver- 
wendet, urn einen dritten Schlussel 
(GAMMA1 -G AMMAk) bereitzustellen, der 
durch mindestens einen der Parameter ge- 
kennzeichnet ist, worin 

der Geheimzahl-Generator (38; 138) betriebs- 
fahig ist, urn den dritten Schlussel 
(GAMMA1 -GAMM Ak) mrt dem ersten Schlus- 
sel (SEEDI-SEEDn) und mit dem zweiten 
Schlussel (DELTAI-DELTAn) zu verwenden, 
urn die Geheimzahl (SEEDO) zu erzeugen, die 
fur alle der Vielzahl von Empfangem dieselbe 
ist, und worin 

der dritte Schlussel (GAMMA1-G AMMAk), so- 
bald er an einem Empfanger abgefangen wird, 
der Teil einer ersten Gruppe von Empfangem 
bildet, die in Ubereinstimmung mit mindestens 
einem der Parameter unterteilt sind, nicht wirk- 
sam sein kann, um einen Empfanger freizu- 
schalten, der Teil einer zweiten Gruppe von 
Empfangem bildet, die in Ubereinstimmung mit 
mindestens einem der Parameter unterteilt 
sind. 

9. Ein Hackings-Verhinderungssystem nach einem 
oder mehreren der Anspruche 1-8, worin der erste 
Schlussel-Generator (36; 136) folgendes umfaBt 

eine Datenpacket-Empfangereinheit zum 
Empfangen eines Datenstroms, der minde- 
stens eine Reihe von Berechtigungs-Daten- 
packeten (PKT1 -PKTn) einschlieBt, 
einen Datenpacket-Bereitsteller zum Bereit- 
stellen eines ausgewahlten Datenpackets, wo- 
bei das ausgewahlte Datenpacket ein Daten- 
packet ist, dessen Seriennummer in der Reihe 
von Berechtigungs-Datenpacketen 
(PKT1-PKTn) gleich einer ganzzahligen Zu- 
fallszahl ist, die im Bereich zwischen eins und 
der Gesamtzahl von Datenpacketen in der Rei- 
he von Berechtigungs-Datenpacketen 
(PKT1-PKTn) liegt, wobei die ganzzahlige Zu- 
fallszahl durch den Zufallszahl-Generator (34; 
134) erzeugt wird, und 

einen ersten Schlusselempf anger, um den er- 
sten Schlussel (SEEDI-SEEDn) zu empfan- 
gen, der eindeutig dem ausgewahlten Daten- 
packet entspricht. 

10. Ein Hackings-Verhinderungssystem nach An- 
spruch 9, worin der Datenpacket-Bereitsteller be- 
triebsfahig ist, um das ausgewahlte Datenpacket ei- 
ner entfernbaren Chip-Karte (36; 136) bereitzustel- 
len, und worin der erste Schlusselempfanger be- 
triebsfahig ist, um den ersten Schlussel 
(SEEDI-SEEDn) aus der entfernbaren Chip-Karte 
(36; 136) zu empfangen. 



11. Ein Hackings-Verhinderungssystem nach einem 
oder mehreren der Anspruche 1 -8, worin der zweite 
Schlussel-Generator (32; 132) folgendes umfaBt: 

5 eine Offset-Wert-Empfangereinheit zum Emp- 

fangen eines Datenstroms, der mindestens ei- 
ne Reihe von Offset-Werten (DELTA 1 -DELTAn, 
GAMMA1 -G AMMAk) einschlieBt, worin jeder 
Offset-Wert in den Reihen von Offset-Werten 

10 (DELTA 1 -DELTAn, GAMMA1 -G AMMAk) mit ei- 

nem entsprechenden Berechtigungs-Daten- 
packet in der Reihe von Berechtigungs-Daten- 
packeten (PKT1-PKTn) gepaart ist; und 
einen Offset-Wert-Berertsteller zum Bereitstel- 

15 len des zweiten Schlussels (DELTA1 -DELTAn), 

wobei der zweite Schlussel (DELTA1 -DELTAn) 
mindestens einen Offset-Wert einschlieBt, des- 
sen Seriennummer in der Reihe von Offset- 
Werten (DELTAI-DELTAn, GAMMA1-GAM- 

20 MAk) gleich einer ganzzahligen Zufallszahl ist, 

die im Bereich zwischen eins und der Gesamt- 
zahl an Offset-Werten in der Reihe von Offset- 
Werten (DELTAI-DELTAn, GAMMA1-GAM- 
MAk) liegt, wobei die ganzzahlige Zufallszahl 

25 vom Zufallszahl-Generator (34; 134) erzeugt 

wird. 

12. Ein Hackings-Verhinderungssystem nach An- 
spruch 9 oder 10, worin der zweite Schlussei-Ge- 

30 nerator (32; 1 32) folgendes umfaBt: 

eine Offset-Wert-Empfangereinheit zum Emp- 
fangen von mindestens einem Satz von Offset- 
Werten (DELTAI-DELTAn, GAMMA1-GAM- 

35 MAk), worin jeder Offset-Wert in den Reihen 

von Offset-Werten (DELTAI-DELTAn, 
GAMMAI-GAMMAk) mit einem entsprechen- 
den Berechtigungs-Datenpacket in der Reihe 
von Berechtigungs-Datenpacketen 

40 (PKT1-PKTn) gepaart ist; und 

einen Offset-Wert-Bereitsteller zum Bereitstel- 
len des zweiten Schlussels (DELTA1 -DELTAn), 
wobei der zweite Schlussel (DELTA1 -DELTAn) 
mindestens einen Offset-Wert einschlieBt, des- 

45 sen Seriennummer in der Reihe von Offset- 

Werten (DELTAI-DELTAn, GAMMAI-GAM- 
MAk) gleich mit der Seriennummer des ausge- 
wahlten Datenpackets ist. 

50 13. Ein Hackings-Verhinderungssystem nach einem 
oder mehreren der Anspruche 9, 10 und 12, worin 
mindestens einer des ersten Schlussel-Generators 
(36; 136) oder des Geheimzahl-Generators (38; 
138) in mindestens einem eines Zerhacker oder ei- 

55 nes Dekodierers ausgebildet ist. 

14. Ein Hackings-Verhinderungsverfahren zur Verwen- 
dung mit einem Netzwerk, das einen Sender und 
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15 

erne Vielzahl von Empfangem einschlieflt, wobei je- 
der Empfanger unabhangig von einer Geheimzahl 
(SEE DO) freigeschaltet wird, und sobald er freige- 
schaltet ist, auf Daten (PKT1-PKTn, DELTA1 -DEL- 
TAn, G AMMA1 -G AMM Ak) reagiert, die aus dem s 
Sender empfan gen werden, um eine verschlusselte 
Information zu entschlusseln, wobei das Verfahren 
die folgenden Schritte umfaGt: 

das Erzeugen eines ersten Schlussels 10 
(SEED1-SEEDn), indem mindestens ein Teil 
der Daten (PKT1-PKTn, DELTAI-DELTAn, 
GAMM A1 -G AMMAk) und eine Funktion (34; 
134) verwendet wird, die sich mindestens fur 
eine Mehrzahl einiger aus der Vielzahl von 1$ 
Empfangem unterscheidet, wobei der erste 
Schlussel (SEED1 -SEEDO) fur jeden Empfan- 
ger unterschiedlich ist, der Ober eine unter- 
schiedliche Funktion verfugt; und 
das Erzeugen eines zweiten Schlussels 20 
(DELTAI-DELTAn), indem mindestens ein Teil 
der Daten (PKT1-PKTn, DELTAI-DELTAn, 
G AMMA1 -GAMMAk) und die Funktion (34; 
1 34) verwendet wird, dadurch gekennzeichnet, 
dafi das Verfahren weiterhin die folgenden 25 
Schritte umfaGt: 

das Erzeugen der Geheimzahl (SEEDO), in- 
dem der erste Schlussel (SEED1-SEEDn) mit 
dem zweiten Schlussel (DELTAI-DELTAn) ver- 
wendet wird, um die Geheimzahl (SEEDO) zu 30 
erzeugen, die f Or alle aus der Vielzahl von Emp- 
fangem dieselbe ist, 

wodurch der erste und der zweite Schlussel 
(SEED1-SEEDn, DELTAI-DELTAn), die an ei- 
nem ersten Empfanger abgefangen werden, 35 
nicht wirksam sein konnen, um einen zweiten 
Empfanger, der eine unterschiedliche Funktion 
aufweist, freizuschalten. 

1 5. Ein Verfahren nach Anspruch 1 4, das ebenfalls fol- 40 
gendes umfaBt: 

das Assoziieren eines jeden aus der Vielzahl 
von Empfangem mit einem Teilnehmer aus ei- 
ner Vielzahl von Teilnehmem; *s 
die einzelne Kennzeichnung der Vielzahl von 
Teilnehmem durch mindestens einen der fol- 
genden Parameter: Infonmationslieferanten, 
geographischen Lagen und Bevokerungszahl- 
statistiken; so 
das Unterteilen der Vielzahl von Teilnehmem in 
verschiedene Gruppen, und zwar in Uberein- 
stimmung mit mindestens einem der Parame- 
ter, wobei die verschiedenen Gruppen alle se- 
lektiv berechtigt werden, um mindestens einen ss 
Teil der Information aus einer Inf ormationsquel- 
le zu empfangen; 

das Erzeugen eines dritten Schlussels 



(GAMMA1 -GAMMAk) an mindestens einem 
aus der Vielzahl von Empfangem, indem min- 
destens ein Teil der Daten (PKT1-PKTn, 
DELTAI-DELTAn, GAMM A1 -GAMMAk) ver- 
wendet wird, um den dritten Schlussel 
(GAMMA1 -GAMMAk) bereitzustellen, der 
durch mindestens einen der Parameter ge- 
kennzeichnet ist, worin 

der Schritt zum Erzeugen der Geheimzahl 
(SEEDO) den Schritt zum Erzeugen der Ge- 
heimzahl (SEEDO) umfaBt, die fur alle aus der 
Vielzahl von Empfangem dieselbe ist, und zwar 
indem der dritte Schlussel (G AM MA 1 -GAM- 
MAk) mit dem ersten Schlussel und mit dem 
zweiten Schlussel (SEED1-SEEDn, 
DELTAI-DELTAn) verwendet wird, wodurch 
der dritte Schlussel (GAMMA1 -GAMMAk), so- 
bald er am Empfanger abgefangen wird, der 
Teil einer ersten Gruppe von Empfangem bil- 
det, die in Ubereinstimmung mit mindestens ei- 
nem der Parameter unterteilt werden, nicht 
wirksam sein kann, um einen Empfanger frei- 
zuschalten, der Teil einer zweiten Gruppe von 
Empfangem bildet, die in Ubereinstimmung mit 
mindestens einem der Parameter unterteilt 
werden. 



Revendications 

1 . Systeme de prevention du piratage a utiliser avec 
un reseau comprenant un 6metteur et une plurality 
de r6cepteurs, chaque recepteur etant valide inde- 
pendamment par un code secret (SEEDO) et rea- 
gissant, lorsqu'il est valide, a des donnees (PKT r 
PKT n , DELT^-DELTA^ GAMMA., -GAMMAJ re- 
cues de I'emetteur pour d6chiffrer une information 
chiffree, chacun de la plurality de recepteurs 
comprenant : 

un premier generateurdecle (36; 136), utilisant 
au moins une partie des donnees (PKT,-PKT n , 
DELTA 1 -DELTA n , GAMMA 1 -GAMMA k ) et une 
fonction (34; 1 34) qui differe pour au moins une 
pluralite de recepteurs de la pluralite de recep- 
tees, pour gen^rer une premiere cle (SEED r 
SEED ft ) qui est differente pour chaque recep- 
teur ayant une fonction differente; et 
un deuxieme g§nerateur de eld (32; 132) utili- 
sant au moins une partie des donnees (PKT r 
PKT ft , DELTA 1 -DELTA n , GAMMA, -GAMMA*) 
et la fonction (34; 134) pour produire une 
deuxieme cle (DELTA r DELTA n ); 

caracterise en ce que la pluralite de recep- 
teurs comprend de plus : 

un generateur de code secret (38; 1 38) utilisant 
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la premiere cle (SEED r SEED n ) avec la 
deuxieme cl6 (DEl-TAj -DELTAS pour produire 
le code secret (SEEDO) qui est le meme pour 
tous les recepteurs de la plurality de recep- 
teurs, s 
la premiere et la deuxieme cl6s (SEED r 
SEED n , DELTA 1 -DELTA n ) ) intercept6es a un 
premier recepteur ne pouvant pas valider un 
deuxieme recepteur ayant une fonction diff6- 
rente. 10 

2. Systeme de prevention de piratage selon la reven- 
dication 1 dans lequel la lonction (34; 1 34) qui dif- 
fere pour au moins une pluralite de recepteurs de 

la pluralite" de recepteurs, est un gen6rateur de 15 
nombre aieatoire (34; 134). 

3. Systeme de prevention de piratage selon les reven- 
dications 1 ou 2 dans lequel le deuxieme genera- 
tes de cle (32; 1 32) est realise dans une puce ITGE 20 
unique. 



egalement : 

un troisieme generateur de cle (132) utilisant 
au moins une partie des donnees (PKT r PKT m 
DELTA 1 -DELTA n( GAM MA-, -GAM MA k ) pour 
fournir une troisieme c!6 (GAMMA r GAMMA k ) 
qui se caracterise par au moins un des para- 
metres, dans lequel 

le generateur de code secret (38; 138) sert a 
utiliser la troisieme cl6 (GAMMA, -GAMMA*) 
avec la premiere cl6 (SEEDrSEEDn) el k 
deuxieme cie (DELTA 1 -DELTA n ) pour produire 
le code secret (SEEDO) qui est le meme pour 
toute la plurality de recepteurs, et 
la troisieme cl6 (GAMMA^GAMMA^, lors- 
qu'elle est intercepted a un recepteur qui fait 
partie d'un premier groups de recepteurs grou- 
ped selon au moins un des parametres, ne peut 
pas valider un recepteur qui fait partie d'un 
deuxieme groupe de recepteurs grouped selon 
au moins un des parametres. 



4. Systeme de prevention de piratage selon une ou 
plusieurs des revendications 1 -3 dans lequel le pre- 
mier generateur de cle (36; 136), un fournisseur 
pour la fonction (34; 1 34) et le generateur de code 
secret (38; 138) sont realised dans, une puce ITGE 
unique. 

5. Systeme de prevention de piratage selon une ou 
plusieurs des revendications 1 -3 dans lequel le pre- 
mier g6n6rateur de c!6 (36; 136), un fournisseur 
pour la fonction (34; 134), le generateur de code 
secret (38; 138) et le deuxieme generateur de cle 
(32; 1 32) sont realises dans une puce ITGE unique. 

6. Systeme de prevention de piratage selon une ou 
plusieurs des revendications 1-5 dans lequel cha- 
cun de la plurality de recepteurs comprend au 
moins une des puces ITGE. 

7. Systeme de prevention de piratage selon une ou 
plusieurs des revendications 1 -6 dans lequel le re- 
seau est un redeau CATV et la pluralite de recep- 
teurs sont des recepteurs et des decodeurs CATV. 

8. Systeme de prevention de piratage selon une ou 
plusieurs des revendications 1-7 et pouvant egale- 
ment transmettre seiectivement des informations a 
la pluralite de recepteurs d'un emetteur d'informa- 
ttons, chacun de la pluralite de recepteurs etant as- 
socie a Tun d'une pluralite d'abonnes, lesquels 
abonn6s peuvent §tre individuellement caract6ri- 
ses par au moins un des parametres suivants : four- 
ntsseurs d'infonmation, emplacements geographi- 
ques, et d6mographie, et groupes dans differents 
groupes selon au moins un des parametres, chacun 
de la pluralite de recepteurs comprenant 



9. Systeme de prevention de piratage selon une ou 
plusieurs des revendications 1 -8 dans lequel le pre- 

25 mier generateur de cle (36; 1 36) comprend : 

une unite de recepteur de paquet pour recevoir 
un flux de donnees comprenant au moins une 
serie de paquets d'autorisation (PKiyPKTn), 

30 un fournisseur de paquet pour fournir un paquet 

choisi, le paquet choisi etant un paquet dont le 
numero de serie dans la serie de paquets 
d'autorisation (PKT-,-PKT n ) est 6gal a un nom- 
bre entier aieatoire compris dans I'intervalle al- 

35 lant de un au nombre total de paquets dans la 

serie de paquets d'autorisation (PKTj-PKTn), le 
nombre entier aieatoire etant produit par le ge- 
nerateur de nombre aieatoire (34; 134), et 
un premier recepteur de cie pour recevoir la 

40 premiere cl6 (SEED r SEED n ) qui correspond 

uniquement au paquet choisi. 

10. Systeme de prevention de piratage selon la reven- 
dication 9 dans lequel le fournisseur de paquet sert 

45 & fournir le paquet choisi a une carte a memoire 
amovible (36; 136), et le premier recepteur de cl6 
sert a recevoir la premiere cl6 (SEEDrSEEDn) °" e 
la carte a memoire amovible (36; 136). 

50 11. Systeme de prevention de piratage selon une ou 
plusieurs des revendications 1-8 dans lequel le 
deuxieme generateur de cl6 (32; 132) comprend : 

une unite de recepteur de valeur de decalage 
55 pour recevoir un flux de donn6es comprenant 

au moins une serie de valeurs de decalage 
(DELTA-, -DELTA,,, GAMMA-, -GAMMA k ) dans 
lequel chaque valeur de decalage de la serie 
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de valeurs de decalage (DELTA-, -DELTA,,, 
GAMMA r GAMMA k ) est appari6e a un paquet 
d'autorisation correspondant dans une s6rie de 
paquets d'autorisation (PKT,-PKT n ); et 
un foumisseur de valeur de decalage pour four- s 
nir la deuxieme ci6 (DELTA 1 -DELTA n ). la 
deuxieme cie (DELTA-, -DELTA^ comprenant 
au moins une valeur de decalage dont le nu- 
m6ro de serie dans la s6rie de valeurs de de- 
calage (DELTA^DELTA,,, GAMMAtGAMMAk) io 
est 6gal a un nombre entier al6atoire compris 
dans I'intervalle allant de un au nombre de va- 
leurs de d6calage dans la s6rie de valeurs de 
decalage (DEL^-DELTA^ GAMMA r GAM- 
MAjJ, le nombre entier al6atoire etant produit 
par le g6nerateur de nombre aieatoire (34; 
134). 

12. Systeme de prevention de pi rata ge selon les reven- 
dications 9 ou 10 dans lequel le deuxieme gendra- 20 
teurde cle (32; 132) comprend : 

une unite de recepteur de valeur de decalage 
pour recevoir au moins un ensemble de valeurs 
de decalage (DELT^-DELTA^ GAMMA-,- 25 
GAMMAS, dans lequel chaque vale urde ddca- 
lage de la serie de valeurs de decalage 
(DELTA 1 -DELTA n , GAMMA 1 -GAMMA k ) estap- 
pariee a un paquet d'autorisation correspon- 
dent de la serie de paquets d'autorisation 30 
(PKTt-PKTn); et 

un foumisseurde valeur de decalage pourfour- 
nir la deuxieme c!6 (DELTA^DELTAJ, la 
deuxifeme cle (DELTAj-DELTAn), comprenant 
au moins une valeur de decalage dont le nu- 35 
mero de serie dans la serie de valeurs de de- 
calage (DELTA 1 -DELTA n , GAMMA 1 -GAMMA k ) 
est egal au numero de serie du paquet choisi. 

13. Systeme de prevention de piratage selon une ou 40 
plusieurs des revendications 9, 1 0 et 1 2 dans lequel 
I'un au moins du premier gen£rateur de cle (36; 1 36) 

et du generate ur de code secret (38; 138) est mis 
en oeuvre dans I'un au moins d'un d6sembrouilleur 
et d'un dechiffreur. 45 

14. Precede de prevention de piratage destine a etre 
utilise avec un r6seau comprenant un emetteur et 
une pluralite de recepteurs, chaque recepteur etant 
valide independamment par un code secret so 
(SEE DO) et etant sensible, lorsqu'il est valide, a des 
donnees(PKT r PKT n , DELTA 1 -DELTA n , GAMMA r 
GAMMA k ) recues de remetteur pour d6chiff rer une 
information chiffr6e, le precede comprenant les 
operations consistant a : 55 

g6n6rer une premiere cl6 (SEED r SEED n ), en 
utilisant au moins une partie des donnees 



(PKT r PKT n , DELTA 1 -DELTA n( GAMMA-, - 
GAMMAS et une fonction (34; 1 34) qui differe 
pour au moins une pluralite de recepteurs de la 
pluralite de recepteurs, la premiere cle 
(SEED r SEED n ) etant differente pour chaque 
recepteur ayant une fonction diff6rente; et 
gen6rer une deuxieme cie (DELTA^ELTA,,) 
en utilisant au moins une partie des donnees 
(PKT r PKT n , DELTAj-DELTAn, GAMMA r 
GAMMA^ et la fonction (34; 134), 

caracterise en ce que le procede comprend 
de plus les operations consistant a : 

generer le code secret (SEE DO) en utilisant la 
premiere cie (SEED r SEED n ) avec la deuxie- 
me cl6 (DELTA^DELTAn) pour produire le code 
secret (SEE DO) qui est te meme pour tous les 
recepteurs de la pluralite de recepteurs, 
la premiere et la deuxieme cles (SEED-,- 
SEED n , DELTA^DELTAn) interceptees a un 
premier recepteur ne pouvant pas valider un 
deuxieme recepteur ayant une fonction diffe- 
rente. 

15. Procede selon la revendication 14 et comprenant 
egalement les operations consistant a : 

associer chacun de la pluralite de recepteurs a 
I'un d'une pluralite d'abonnes; 

caracteriser individuellement la pluralite 
d'abonnes par au moins un des parametres 
suivants : foumisseurs de I'information, emplace- 
ments geographiques, et demographie; 

grouper la pluralite d'abonnes dans d iff e rents 
groupes selon au moins un des parametres, les 
diff6rents groupes etant chacun seiectivement 
autorise a recevoir au moins une partie de Tin- 
formation provenant d'un emetteur d'informa- 
tions; 

produire, en au moins un de la pluralite de re- 
cepteurs, une troisieme c!6 (GAMMA, -GAM- 
MA^ en utilisant au moins une partie des don- 
nees (PKT r PKT n , DELTA 1 -DELTA n , 
GAMMA 1 -GAMMA k ) pour foumir la troisieme 
cie (GAMMA-, -GAMMA^ qui est caracterisee 
par au moins un des parametres, 
Toperation consistant a generer le code secret 
(SEEDO) comprenant l'op6ration consistant a 
generer le code secret (SEEDO) qui est le me- 
me pour toute la pluralite de recepteurs en uti- 
lisant la troisieme cl6 (GAMMA 1 -GAMMA k ) 
avec la premiere cl6 et la deuxieme cie 
(SEED r SEED n , DELTA 1 -DELTA n ), 
la troisieme cl6 (GAMMA 1 -GAMMA k ), lors- 
qu'elle est interceptee a un recepteur qui fait 
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partie d'un premier groupe de r6cepteurs grou- 
ped selon au moins un des parametres, ne pou- 
vant pas valider un recepteur qui fart partie d'un 
deuxieme groupe de recepteurs groupes selon 
au moins un des parametres. s 
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RECEIVE PKTi PKTn 

AND DELTA i DELTA „ 

VIA SATELLITE LINK 



TRANSMIT THE OFFSET 
VALUE WHOSE INDEX 
NUMBER WAS RANDOMLY 
SELECTED, i.e DELTA3 , 
TO DESCRAMBLER UNIT 38. 



DELTA 3 



I 



PERFORM: 

SEEDo=f(SEED3, DELTA3) 



DESCRAMBLE 

DATA 
USING SEEDo 



DESCRAMBLING 

L UNIJ_ 38_ - d 



END 



_l 



FIG. 3 



15 



EP 0 658 054 B1 



r 




RANDOMLY 

GENERATE A 

NUMBER BETWEEN 
1,...,n 



RECEIVE PKT, PKTn 

AND DELTA 1 DELTA n 

VIA SATELLITE LINK 



1 



TRANSMIT THE OFFSET 
VALUE WHOSE INDEX 
NUMBER WAS RANDOMLY 
SELECTED, i.e DELTAj. TO 

DESCRAMBLER UNIT 38. 



IN PRU 32: 
CALCULATE THE SEED 
VALUE 

CORRESPONDING TO PKT 3 , 
i.e. SEED 3 



TRANSMIT SEED 3 
TO DESCRAMBLER 
UNIT 38 



SEED3 



DELTA 3 



1 



PREFORM: 

SEEDo = f(SEED 3 , DELTAs) 



DESCRAMBLE 

DATA 
USING SEEDo 



DESCRAMBLER 
UNIT 38 



SECURE ENVIRONMENT 




J 



J 



FIG. 4 



16 



EP O 658 054 B1 



o 


CO 


> 




70 


> 


o 


73 








/ 



iA 

m 
rn 
o 



> 
O 
7K 

m 



X) 
m 
o 
m 

> 

o 

o 
m 

CO 

o 

70 
> 

CD 

r- 
m 



o 
m 

CO 

? > 

CD 

m 















m 




rn 












. * 




O 


CO 


m 


m 


i— 


m 


> 


o 

o 




II 




O 




> 












> 













1 



> 



> 



o 

m 
r- 

> 



Cm 



u 



o > 
< m 



CO 



H 

3 

o 
m 
c 

T| > 
X) - 

O : 



CO 
> 



m 



m 



o 
m 
r- 

H 
> 

> 

a 

o 
> 




> 



p 



04 

o 



17 



EP 0658 054 B1 



START 



r 



RANDOMLY 
GENERATE A 
NUMBER BETWEEN 

1 n 

FOR EXAMPLE, 3. 



T 



TRANSMIT THE 
PACKET WHOSE 
NUMBER WAS 
RANDOMLY SELECTED, 
i.e. PKTs, TO SMART 
CARD 



IN THE SMART CARD: 

CALCULATE THE SEED 
VALUE CORRESPONDING 

TO PKTa, i.e. SEEDs* 



RECEIVE PKTi PKTn, 

DELTA i DELTA n AND 

GAMMAi GAMMA k 



TRANSMIT THE OFFSET 
VALUE WHOSE INDEX 
NUMBER WAS RANDOMLY 
SELECTED, i.e DELTA j, TO 

DESCR AMBLER UNIT 138. 



DELTA j 



TRANSMIT THE SELECTED 

SECOND OFFSET 
VALUE, i.e. GAMMA 2 . TO 
DESCRAMBLER UNIT 138. 




TRANSMIT SEED 3* 
TO DESCRAMBLER 
UNIT 138 



DESCRAMB 



DESCRAMBLE 

DATA 
USING SEEDo 



JNG 



UNIT 138 



SECURE ENVIRONMENT 



L 



_l 



END 



J 



FIG. 6 



18 



